Category Archives: 3CX

Yealink Handset Crackling or Buzzing from Handset and Speakerphone

You may occasionally notice that your Yealink phone starts crackling or buzzing. This has most commonly been observed after the phone has been in operation for some time without being rebooted, or after a firmware update.

Below are some troubleshooting steps that you can try to resolve the buzzing and crackling:

  • Try restarting the Yealink phone. You can either remove the power cable (or the Ethernet cable if using PoE), or hold down the X key until you are prompted to restart the phone.
  • Try a factory reset on the phone. Ensure that you have all the required settings to reconfigure the device after the factory reset.
  • Update the phone firmware to the latest release and then perform a factory reset prior to configuring or provisioning the phone again.
  • Confirm whether the crackling or buzzing occurs only from the handset or also from the speakerphone. If only the handset exhibits the issue, the cable or handset may need to be replaced.
  • Ensure that the VoIP/SIP phone system is up to date.
  • Ensure that you are using the most appropriate voice codecs for your phones and the SIP trunk. (A-law is commonly used in Europe and u-law is generally used in the United States.)

Manually Download Phone Firmware for 3CX Phone System

You can download the latest supported phone or handset firmware for 3CX from here: https://www.3cx.com/support/phone-firmwares/

Outdated/vulnerable OpenSSL versions 1.0.1e/1.0.1g used in 3CX V14 SP3

3CX Version 14 Service Pack 3 seems to include and use very old and insecure versions of OpenSSL: 1.0.1e (11th February 2013) and 1.0.1g (5th June 2014).

The file locations and the versions found there are listed below:

C:\Program Files\3CX Phone System\Instance1\Bin\libeay32.dll
C:\Program Files\3CX Phone System\Instance1\Bin\ssleay32.dll

1.0.1.7
1.0.1g (5 Jun 2014)

C:\ProgramData\3CX\Bin\SSL\libeay32.dll
C:\ProgramData\3CX\Bin\SSL\ssleay32.dll

1.0.1.5
1.0.1e (11 Feb 2013)

OpenSSL 1.0.1t is the latest release and resolves a number of serious vulnerabilities:

https://www.openssl.org/news/openssl-1.0.1-notes.html

This means that 3CX V14 Service Pack 3 is likely to be vulnerable to all of the documented vulnerabilities prior to the 1.0.1t OpenSSL release.  Using an IPS firewall may help to reduce the risk to your system until an updated version of OpenSSL is integrated into 3CX.
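To repeat this check against a later 3CX build, the following added example (not part of the original post or of 3CX) compares the DLL file versions listed above with the 1.0.1t baseline. It assumes that the fourth field of the DLL file version is the position of the OpenSSL patch letter in the alphabet, which matches both pairs shown above (1.0.1.7 for 1.0.1g, 1.0.1.5 for 1.0.1e); the function names are illustrative.

```python
import re

# Pre-3.0 OpenSSL releases are numbered like "1.0.1g": three numeric fields
# plus an optional patch letter that orders releases within a series.
_OPENSSL_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]{0,2})$")

BASELINE = "1.0.1t"  # release the page names as resolving the known issues

# Paths and DLL file versions exactly as listed on the page.
INVENTORY = {
    r"C:\Program Files\3CX Phone System\Instance1\Bin\libeay32.dll": "1.0.1.7",
    r"C:\Program Files\3CX Phone System\Instance1\Bin\ssleay32.dll": "1.0.1.7",
    r"C:\ProgramData\3CX\Bin\SSL\libeay32.dll": "1.0.1.5",
    r"C:\ProgramData\3CX\Bin\SSL\ssleay32.dll": "1.0.1.5",
}

def parse_openssl(version):
    """Return a sortable key for a pre-3.0 OpenSSL version string."""
    m = _OPENSSL_RE.match(version.strip().lower())
    if m is None:
        raise ValueError(f"not a pre-3.0 OpenSSL version: {version!r}")
    major, minor, fix, letters = m.groups()
    # Length first, so a two-letter suffix ("za") sorts after "z".
    return (int(major), int(minor), int(fix), len(letters), letters)

def from_file_version(file_version):
    """Map a DLL file version such as "1.0.1.7" to "1.0.1g".

    Assumption: the fourth field is the patch letter's position in the
    alphabet (0 = no letter), as in the two pairs the page lists.
    """
    major, minor, fix, patch = (int(p) for p in file_version.split("."))
    if not 0 <= patch <= 26:
        raise ValueError(f"patch field out of range: {file_version!r}")
    letter = chr(ord("a") + patch - 1) if patch else ""
    return f"{major}.{minor}.{fix}{letter}"

def audit(inventory, baseline=BASELINE):
    """Return (path, openssl_version, outdated) for every DLL in inventory."""
    floor = parse_openssl(baseline)
    report = []
    for path, file_version in sorted(inventory.items()):
        version = from_file_version(file_version)
        report.append((path, version, parse_openssl(version) < floor))
    return report

if __name__ == "__main__":
    for path, version, outdated in audit(INVENTORY):
        print(f"{'OUTDATED' if outdated else 'ok':8}  {version:7}  {path}")
```

On a live server the file versions would be read from each DLL's properties and substituted for the values in `INVENTORY`.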

Insecure RC4 Cipher Suites and 56-bit encryption Enabled in 3CX V14 SP3

The RC4 cipher suite is still enabled in Abyss Web Server X2 (version 2.9.3.6), which is supplied with 3CX Version 14 Service Pack 3.

Version 2.11 of Abyss Web Server X2, released on 5th April 2016, disabled the obsolete RC4 cipher suite as per RFC 7465.

Abyss Web Server X2 in 3CX Version 14 Service Pack 3 also negotiates TLS_RSA_WITH_DES_CBC_SHA, which uses only a 56-bit key and is considered insecure.
3CX support have provided a workaround for this.
You may edit the ciphers configured in Abyss by doing the following:
– On the 3CX server, open a browser, go to http://127.0.0.1:9999 and log in with admin/admin.
– Change the Ciphers dropdown to “Custom Ciphers Specification”.
– Replace RC4-SHA:HIGH:MEDIUM:LOW:DEFAULT:-EXP:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
with HIGH:MEDIUM:LOW:DEFAULT:-EXP:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!TLS_RSA_WITH_DES_CBC_SHA:!RC4:!DES-CBC-SHA
– Validate, clicking OK on each screen until you are back at the web server homepage, then click the Restart button.